Blackberry shuts out Heartbleed

BlackBerry plans to release security updates for messaging software for Android and iOS to shut out the Heartbleed security threat. For those who came in late Heartbleed is a bug that targets the OpenSSL software and basically means that hackers can steal massive troves of information without leaving a trace.

The bug has been fixed, but servers need to be updated and there could be some problems for mobile devices. Scott Totzke, BlackBerry senior vice president said that while the bulk of BlackBerry products do not use the vulnerable software, the company does need to update two widely used products: Secure Work Space corporate email and BBM messaging program for Android and iOS. He told Reuters that software is vulnerable to attacks by hackers if they gain access to those apps through either WiFi connections or carrier networks.

Totzke said that the level of risk was extremely small because BlackBerry's security technology would make it difficult for a hacker to succeed in gaining data through an attack.

"It's a very complex attack that has to be timed in a very small window," he said, adding that it was safe to continue using those apps before an update is issued.

Technology firms and the US government are taking the threat extremely seriously. Federal officials warned banks and other businesses on Friday to be on alert for hackers seeking to steal data exposed by the Heartbleed bug. Cisco, HP, IBM, Intel, Juniper, Oracle and Red Hat have warned customers they may be at risk. Some updates are out, while others, like BlackBerry, are rushing to get them ready.

There have been no public reports of successful attacks involving the Heartbleed vulnerability, which has been around for two years. However, that could mean that hackers could have successfully been using it without being caught since attacks do not leave any traces.